<!--   
Persistent Digital Archives and Library System (PeDALS) 
(c) 2008 - All Rights Reserved
//-->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta name="description" content="Persistent Digital Archives and Library System" />
<title>PeDALS Web Administration</title>
<link rel="shortcut icon" href="images/favicon.ico" />
<link href="includes/style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<?php include 'includes/header.php'; ?>
<?php include 'includes/config.php'; ?>
<div id="breadcrumb-container">
  <div id="breadcrumb">Home</div>
  <div id="breadcrumb-side"><form name="search" action="search.php"><input type="text" name="q" width="50"/><input type="submit" value="Go" /></form><a href="advSearch.php" title="Advanced Search" alt="Advanced Search">Advanced Search</a>
  </div>
  <div class="clear"></div>
</div>
<!-- 
  CONTENT
  -->
<div id="content-container">
  <!-- 
	SIDE COLUMN
	-->
  <div id="content-side">
    <ul class="link-list-vertical">
      <li><a href="provSummary.php" title="Manage provenance data">Provenances</a></li>
      <li><a href="serSummary.php" title="Manage series data">Series</a></li>
      <li><a href="acqSummary.php" title="Manage acquisition data">Acquisitions</a></li>
    </ul>
  </div>
  <!-- 
	MAIN COLUMN	
	-->
  <div id="content"><a name="maincontent" id="maincontent"></a>
    <h1>Search PeDALS</h1>
<?php
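// Read the search term from the query string.
// Only a plain string is accepted: a missing parameter or an array-valued one
// (q[]=...) leaves $var as null, so the code below never hands a non-string to
// trim(). isset() replaces the @ error-suppression operator.
$var = (isset($_GET['q']) && is_string($_GET['q'])) ? $_GET['q'] : null;

// Whitespace-trimmed copy of the term; an absent term becomes the empty string.
$trimmed = trim((string) $var);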
?>
<!-- Give an option to optimize your search with an advanced search page -->
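<form name="search" action="search.php"><input type="text" name="q" value="<?php /* HTML-encode the echoed term so request data cannot close the value attribute or add markup. */ if (isset($_GET['q']) && is_string($_GET['q'])) { echo htmlspecialchars($_GET['q'], ENT_QUOTES, 'ISO-8859-1'); } ?>" /><input type="submit" value="Search" /> <a href="advSearch.php">Advanced Search</a></form>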

<!-- A search from the main page will return a search of the database spanning multiple tables -->



<?php
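// Validate the search term, then search Provenance, Series and Item titles.
//
// The character filter below rejects only a handful of symbols and lets quotes
// through, so it is not what protects the queries. The term reaches SQL Server
// as a bound parameter, and every value written into the page is HTML-encoded.
// LIKE wildcards typed by the user (%, _, [) are still interpreted by SQL
// Server, as they were before.
$pattern = '[!#^&*()$;=]';

// The page declares iso-8859-1. With a single-byte charset htmlspecialchars()
// never discards a whole string because of an invalid byte sequence.
$htmlCharset = 'ISO-8859-1';

// The early-out branches no longer call exit, so the markup after this block
// (footer include and closing tags) is still sent.
if (!isset($var) || !is_string($var)) {
	// No usable q parameter: missing, or not a plain string.
	echo "<p>No search parameters were given.</p>";
} elseif (trim($var) == "") {
	echo "<p>No search term specified</p>";
} elseif (preg_match('/' . $pattern . '/', $var)) {
	// preg_match() replaces eregi(), which was removed in PHP 7.
	echo "<span style='color: red; font-weight: bolder;'> " . htmlspecialchars($pattern, ENT_QUOTES, $htmlCharset) . "</span> These characters are not allowed in a search.";
} else {
	// Encoded once, reused in each "Your search term ..." message.
	$safeTerm = htmlspecialchars(trim($var), ENT_QUOTES, $htmlCharset);

	// The term is sent as a parameter instead of being concatenated into the
	// SQL text. sqlsrv binds parameters by reference at prepare time.
	$likeTerm = '%' . $var . '%';
	$params = array(&$likeTerm);

	// ---- Provenance: match on ProvenanceName ----
	$tsqlProv = "SELECT ProvenanceId, ProvenanceName, ProvenanceAdministrativeHistory, CONVERT(VARCHAR, CreatedDate, 101) AS CreatedDate, CreatedBy, CONVERT(VARCHAR, ModifiedDate, 101) AS ModifiedDate, ModifiedBy FROM Provenance WHERE ProvenanceName LIKE ?";

	$getData = sqlsrv_prepare($conn, $tsqlProv, $params);
	if ($getData === false) {
		// Driver details go to the server log only, never into the page.
		error_log('PeDALS search: prepare failed: ' . print_r(sqlsrv_errors(), true));
		echo "Error in preparing statement.<br/><br/><br/><br/>\n";
		die;
	}
	if (!sqlsrv_execute($getData)) {
		error_log('PeDALS search: execute failed: ' . print_r(sqlsrv_errors(), true));
		echo "Error in executing statement.<br/><br/><br/><br/>\n";
		die;
	}

	// Collect one link per row; previously only the last row fetched was shown
	// even though the count reported every match.
	$rowCount = 0;
	$links = array();
	while (sqlsrv_fetch($getData)) {
		$id = sqlsrv_get_field($getData, 0);
		$name = sqlsrv_get_field($getData, 1);
		$links[] = "<a href='provDetail.php?prov=" . urlencode((string) $id) . "'>" . htmlspecialchars((string) $name, ENT_QUOTES, $htmlCharset) . "</a>";
		$rowCount++;
	}
	sqlsrv_free_stmt($getData);

	if ($rowCount > 0) {
		echo "<h3>Provenance Matches</h3>";
		echo "<p>Your search term <span style='size: 14px; color: blue;'>" . $safeTerm . "</span> returned " . $rowCount . " results from Provenances.</p>";
		echo implode("<br />", $links);
	} else {
		echo "Nothing found in Provenance Title.";
	}
	echo "<hr>";

	// ---- Series: match on SeriesTitle ----
	$tsqlProv = "SELECT SeriesId, SeriesTitle, SeriesDescription, CONVERT(VARCHAR, CreatedDate, 101) AS CreatedDate, CreatedBy, CONVERT(VARCHAR, ModifiedDate, 101) AS ModifiedDate, ModifiedBy FROM Series WHERE SeriesTitle LIKE ?";

	$getData = sqlsrv_prepare($conn, $tsqlProv, $params);
	if ($getData === false) {
		error_log('PeDALS search: prepare failed: ' . print_r(sqlsrv_errors(), true));
		echo "Error in preparing statement.<br/><br/><br/><br/>\n";
		die;
	}
	if (!sqlsrv_execute($getData)) {
		error_log('PeDALS search: execute failed: ' . print_r(sqlsrv_errors(), true));
		echo "Error in executing statement.<br/><br/><br/><br/>\n";
		die;
	}

	$rowCount = 0;
	$result = "";
	while (sqlsrv_fetch($getData)) {
		// sqlsrv_get_field() must be called in ascending column order.
		$id = sqlsrv_get_field($getData, 0);
		$name = sqlsrv_get_field($getData, 1);
		$description = sqlsrv_get_field($getData, 2, SQLSRV_PHPTYPE_STRING(SQLSRV_ENC_CHAR));
		$createdon = sqlsrv_get_field($getData, 3);
		$createdby = sqlsrv_get_field($getData, 4);

		// Stored values are encoded on output; they are data, not markup.
		$result .= "<a href='SerDetail.php?ser=" . urlencode((string) $id) . "'>" . htmlspecialchars((string) $name, ENT_QUOTES, $htmlCharset) . "</a> - " . htmlspecialchars((string) $description, ENT_QUOTES, $htmlCharset) . "<br />Created: " . htmlspecialchars((string) $createdon, ENT_QUOTES, $htmlCharset) . "<br />Created by: " . htmlspecialchars((string) $createdby, ENT_QUOTES, $htmlCharset) . "<br>";
		$rowCount++;
	}
	sqlsrv_free_stmt($getData);

	if ($rowCount > 0) {
		echo "<h3>Series Matches</h3>";
		echo "<p>Your search term <span style='size: 14px; color: blue;'>" . $safeTerm . "</span> returned " . $rowCount . " results from Series.</p>";
		echo $result;
	} else {
		echo "Nothing found in Series Title";
	}
	echo "<hr>";

	// ---- Items: match on ItemTitle ----
	$tsqlProv = "SELECT ItemId, ItemTitle, ItemDescription, CONVERT(VARCHAR, CreatedDate, 101) AS CreatedDate, CreatedBy, CONVERT(VARCHAR, ModifiedDate, 101) AS ModifiedDate, ModifiedBy FROM Item WHERE ItemTitle LIKE ?";

	$getData = sqlsrv_prepare($conn, $tsqlProv, $params);
	if ($getData === false) {
		error_log('PeDALS search: prepare failed: ' . print_r(sqlsrv_errors(), true));
		echo "Error in preparing statement.<br/><br/><br/><br/>\n";
		die;
	}
	if (!sqlsrv_execute($getData)) {
		error_log('PeDALS search: execute failed: ' . print_r(sqlsrv_errors(), true));
		echo "Error in executing statement.<br/><br/><br/><br/>\n";
		die;
	}

	$rowCount = 0;
	$result = "";
	while (sqlsrv_fetch($getData)) {
		// Every row is counted, but only the first ten are rendered.
		if ($rowCount < 10) {
			$id = sqlsrv_get_field($getData, 0);
			$name = sqlsrv_get_field($getData, 1);
			$description = sqlsrv_get_field($getData, 2, SQLSRV_PHPTYPE_STRING(SQLSRV_ENC_CHAR));
			$createdon = sqlsrv_get_field($getData, 3);
			$createdby = sqlsrv_get_field($getData, 4);

			$result .= "<a href='itemDetail.php?id=" . urlencode((string) $id) . "'>" . htmlspecialchars((string) $name, ENT_QUOTES, $htmlCharset) . "</a> - " . htmlspecialchars((string) $description, ENT_QUOTES, $htmlCharset) . "<br />Created: " . htmlspecialchars((string) $createdon, ENT_QUOTES, $htmlCharset) . "<br />Created by: " . htmlspecialchars((string) $createdby, ENT_QUOTES, $htmlCharset) . "<br>";
		}
		$rowCount++;
	}
	sqlsrv_free_stmt($getData);

	if ($rowCount > 0) {
		echo "<h3>Item Matches</h3>";
		echo "<p>Your search term <span style='size: 14px; color: blue;'>" . $safeTerm . "</span> returned " . $rowCount . " results from Items.</p>";
		echo $result;
	} else {
		// Message previously named the Series table by mistake.
		echo "Nothing found in Item Title";
	}
}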




?>
    <div class="clear"></div>
	<!-- 
  FOOTER
  -->
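<?php /* Forward slash, like the header and config includes; a backslash separator only resolves on Windows. */ include 'includes/footer.php'; ?>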
  </div>
</div>
</body>
</html>
